htmx
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a legitimate technical resource for the HTMX ecosystem, providing guidance on building hypermedia-driven interfaces with no evidence of malicious intent.
- [EXTERNAL_DOWNLOADS]: The skill references the official HTMX library and various extensions (WebSockets, SSE, Preload, Response Targets) hosted on well-known, standard CDNs including unpkg.com and jsdelivr.net. These are documented neutrally as standard requirements for using the technology.
- [DATA_EXFILTRATION]: While the skill describes the use of network request attributes (hx-get, hx-post, etc.), these are core features of HTMX. The documentation includes dedicated security sections explaining how to implement CSRF protection, Content Security Policy (CSP), and URL validation to prevent misuse.
- [PROMPT_INJECTION]: The skill's content is strictly instructional and technical; it contains no instructions intended to manipulate agent behavior, override safety guidelines, or extract system prompts.
- [COMMAND_EXECUTION]: The skill includes benign bash examples in the testing section for auditing HTML templates. These are provided as developer utilities for local audits and do not involve suspicious subprocess execution or privilege escalation.